User Impersonation Affecting spid.aspnetcore.authentication package, versions [,3.4.0)

Threat Intelligence

Proof of Concept

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-DOTNET-SPIDASPNETCOREAUTHENTICATION-8737904
published19 Feb 2025
disclosed18 Feb 2025
creditAbdel Adim (smaury) Oisfi,Paolo (paupu) Cavaglià,Nicola (fromveeko) Davico

Report a new vulnerability Found a mistake?

Introduced: 18 Feb 2025

NewCVE-2025-24894 (opens in a new tab) CWE-290 (opens in a new tab)

How to fix?

Upgrade SPID.AspNetCore.Authentication to version 3.4.0 or higher.

Overview

SPID.AspNetCore.Authentication is a custom implementation of an AspNetCore RemoteAuthenticationHandler for SPID (a.k.a. the Italian 'Sistema Pubblico di Identità Digitale').

Affected versions of this package are vulnerable to User Impersonation due to the insufficient validation of SAML response signatures in the VerifySignature() function in XmlHelpers.cs. An attacker can impersonate any user by injecting a valid signature into a SAML response where the root object is expected.

References

GitHub Commit

CVSS Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
High
Integrity (VI)
High
Availability (VA)
None

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None